We're Hiring

Build the Future of API Security

We're a small, focused team on a mission to make automated API security testing accessible to every engineering team — from early-stage startups to regulated enterprises. If you care deeply about security and want your work to matter, we'd love to talk.

Open Roles

One focused opening right now. We hire slowly and deliberately — we'd rather wait for the right person than fill a seat.

Senior Security Engineer

Engineering · Remote (worldwide) · Full-time · Now hiring

About the Role

DastPilot's core product is a DAST engine that reads OpenAPI specifications and fires real attack payloads against live APIs. As our first dedicated security hire, you'll own the depth and accuracy of that engine — expanding vulnerability coverage, improving payload quality, reducing false positives, and shaping how we approach AI-assisted scan planning.

This is a hands-on engineering role. You'll write code, design attack strategies, review findings for accuracy, and work directly with the founding team to define what "good" looks like for automated API security testing.

What You'll Do

  • Design and implement new attack modules covering the full OWASP API Security Top 10 (2023)
  • Build and refine payload libraries for injection, BOLA, broken auth, mass assignment, and SSRF
  • Improve detection logic to reduce false positives and increase signal quality across scan runs
  • Research emerging API vulnerability patterns and translate them into automated test cases
  • Contribute to AI-assisted scan planning — helping the model understand API risk context and prioritize test ordering
  • Review and triage scan findings for accuracy, writing clear remediation guidance for each vulnerability class
  • Collaborate on CI/CD integration patterns so security gates work reliably in real pipelines
  • Help define internal security standards and review product changes for security implications

What We're Looking For

  • 5+ years in application security, penetration testing, or security engineering
  • Deep hands-on experience with API security — REST, GraphQL, OpenAPI/Swagger
  • Strong understanding of OWASP API Top 10 and how each category manifests in real systems
  • Proficiency in at least one backend language (Python, Go, Node.js, or similar) — you'll be writing production code
  • Experience with HTTP internals, auth mechanisms (JWT, OAuth 2.0, API keys), and common injection techniques
  • Familiarity with DAST tooling (Burp Suite, OWASP ZAP, or similar) and how automated scanners work under the hood
  • Ability to communicate vulnerability findings clearly to both technical and non-technical audiences
  • Comfortable working autonomously in a remote, async environment

Nice to Have

  • Experience building or contributing to open-source security tools
  • Background in bug bounty programs or CVE research
  • Familiarity with LLM APIs and prompt engineering for security use cases
  • Knowledge of CI/CD security patterns (GitHub Actions, GitLab CI)
  • OSCP, CEH, or equivalent certification

Ready to apply?

Send your CV and a short note about why this role interests you to careers@dastpilot.com. No cover letter required — just tell us what you've worked on that's most relevant.

Don't see a fit right now?

We keep a shortlist of strong candidates for future roles. If you're passionate about API security and want to be considered when we next hire, send a brief intro to careers@dastpilot.com — we read every message.

Help us secure the world's APIs.

Join a small team doing focused, meaningful work on a hard problem.